HP3000-L Archives

March 2000, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Ken Kirby <[log in to unmask]>
Reply To: Ken Kirby <[log in to unmask]>
Date: Fri, 10 Mar 2000 09:34:06 -0600
Actually this is a little easier than you might think, since IA is not
required to logon through FTP. So just set the user up with SF,BA and that
takes care of sessions.

Unfortunately, you still have to do something to prevent folks from
submitting jobs under the FTP logon. MPE won't let you set up a user with
neither BA nor IA.

Personally, I think this is a security hole, since it allows someone to
logon to a "BA only" account using an interactive tool. However, in this
case, it could work to your advantage.

--Ken Kirby
  Management Information Systems
  Vanderbilt University



-----Original Message-----
From: Costas Anastassiades [mailto:[log in to unmask]]
Sent: Wednesday, March 08, 2000 9:28 AM
Subject: Creating an "FTP only" user

I wanted to set up a user just for FTP. The user will have a password but
since all FTP clients will logon using this user, the password won't be the
best kept one. So I didn't want the user to be able to access the system
prompt or execute any other command should someone get clever and actually
logon as a normal session.

This is what I came up with.
-create a new user with SF, IA and a specific HOME group
-assign him a UDC which has OPTION LOGON and NOBREAK and which PAUSES for
say 5 minutes (more than enough FTP time for my needs) and then issues a BYE

and ... this ... seems ... to ... work :)

FTP clients can logon and exchange files and yet when you logon with a HELLO
there's nothing to do but wait for the BYE to be automatically issued. What
is really neat, is that once the FTP client logs off, the session also dies,
regardless of the elapsed PAUSE time.

Now the purpose of this message is so someone can:

a) tell me that I'm reinventing the wheel and/or
b) tell me what I'm missing and/or
c) suggest a more robust approach

Costas Anastassiades,
INTRACOM SA
Athens - Greece
